The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system.
Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.
Available updates include:
- OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.2
- iOS 8.3 for iPhones 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
- Apple TV 7.2 for Apple TV 3rd generation and later
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition.
Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and update to NTP 4.2.8p2 if necessary.